The Hacker Mind Podcast: Hacking Communities

Robert Vamosi
July 14, 2021

As we head to Hacker Summer Camp, how should we rebuild our infosec communities to be more inclusive and diverse? Jack Daniel offers his unique voice.

As one of the founders of BSides and as a community advocate for Tenable, Jack provides guidance on how we can re-emerge and successfully amplify and support people of different ethnicities, faiths, and genders within our infosec communities without being patronizing.

Vamosi:  It's July once again, and my thoughts naturally turned to hacker summer camp -- Black Hat, BSides, Fuzzcon, DEF CON. I'm attending in person this year, as are a lot of people in the InfoSec world. And for a lot of us it's their first time out in more than a year. So lots of questions. For instance, how do we interact with each other again? And more importantly, what do we want from those interactions, which in the past, sometimes meant excluding parts of our community. Rather, I choose to see this as a fresh start to create a new community within InfoSec.

To learn more about what we can do better, I reached out to somebody who really knows the strengths and weaknesses within the InfoSec community very well.

If you only know one thing about Jack Daniel, it's that he's first and foremost a people person, a community guy. In fact, that is his role at Tenable. Even outside that role, Jack is a refreshing industry voice, one that should carry considerable weight as we collectively start to emerge from a worldwide pandemic.

Daniel: We went through a pandemic. Last time we had one of those was over a century ago, there were only a couple people alive now, who were there, they don't remember it because they were in diapers. This is a global pandemic. It's changed a lot of things. I don't know if I'm the same person. 

Vamosi: It’s 2021, and Jack is vaxed and already hitting the road in style. 

Daniel: Yeah, I’m visiting my son so I just have my tiny old motorhome. It's a little tired, but it's basically a mobile office, multiple monitors and hotspots and everything so that when I travel I can pretend that I'm not. 

Vamosi: So before we go to Vegas again, before we return to SecTor or any of the other favorite conferences we might attend, let's take a moment and consider how we can emerge from our quarantine and really do this right.


Vamosi: Welcome to The Hacker Mind, an original podcast from ForAllSecure. It's about challenging our expectations about the people who hack for a living. 

I'm Robert Vamosi, and in this episode I'm talking about hacking communities, about how, after a COVID-induced pause, we can start to acknowledge and even re-engage with some of the small and wonderfully diverse hacker communities that have been, at times in the past, left behind in our rush toward corporate conferences and sometimes toxic influencer-based social media. Yeah, that's a pretty tall order, restoring those voices, but after talking with Jack, I do feel more than ever that it's not entirely outside of our grasp.


Vamosi: One of the problems in InfoSec, is that a lot of us are introverts. We're happy at the keyboard, but when it comes to real human interactions, it's sometimes hard, not for everyone, of course, some of us are really good at the human side of things. Often when we do connect, we're exposed to new ideas.

Daniel:  The less siloed we are in our own minds, in our own communities, in our industries in our clubs, the more we get exposed to different ideas. You know, I think, I forget the Mark Twain quote but I think it was Twain. I like to credit him for all the quotes I like, because he was a bitter old man but he had a sharp sense of humor and that's something I got the bitter old man part down and I'm working on. What's the quote? “Travel is detrimental and deadly to prejudice.”

Vamosi: Often we're afraid of the things that we don't know, and that includes even people and cultures. So, leaving our homes, traveling is the best way to overcome that fear that we have of the rest of the world.

Daniel: You have to meet people and it's one of the things I'm sitting here in my old little motorhome. Little tiny thing but it, it has been across the US back and forth many times and up and down the East Coast and through the upper Midwest and Central States repeatedly, and whenever the schedule allows. And it fits on the roads. It's just the size of a pickup truck but it's a little tall. I get off the highways, and I get into the back roads, when I'm traveling. 

Vamosi: I often find it's better for me to walk rather than ride a taxi around a city I've never been in before. By walking the sidewalks, I learn the lay of the land. I find the hidden local spots for coffee and food. With his mobile home, Jack is doing something similar. One of the observations I have, and I don't care where your politics lie.

Daniel:  Man, get off the interstates, see the places that feel left out. You know I have had a rather prosaic comment about it which is you know you get off the interstates, you see the places that time forgot, and the people that never knew.

Vamosi: Going back to the 1950s, the US interstate system was designed to bypass populations, and therefore expedite travel. It was also designed under President Eisenhower to move military troops and vehicles from point A to point B, but that's another story. So, what about all those people in businesses that you no longer see, the ones that live away from the freeways, the ones who actually live and work in the communities that you've chosen to sail past, you don't take care of them. 

Daniel: I don't care what your politics are, you're not taking care of us, not to sound too terribly idealistic, but if you're not taking care of those people who were left behind and some of the stories we know you know, drive through Pennsylvania and see the steel and coal that's gone. And you know the hollow empty factories in different places. Some of the stories are known but you. You see, Mills, you see cotton gins, you see mines that have shut down, you see places and every now and then there's somewhat of a success story. But, you see that, And enough roads. 

Vamosi: Consider Route 66, the highway through the Southwest United States that inspired a hit 1960s series. Once I-70 and other interstate freeways were constructed, old towns disappeared. Some overnight.

Daniel:  But what's also fun there is to see the people that are coming up with creative ways to do something, or my favorite ones lately is a small town in southern Arizona called Ajo; it was a mining town.

Vamosi:  Okay, I had to look this one up. Ajo, A-J-O, Arizona is on Highway 85, with Interstate 8 to the north and the Mexican border to the south. With the interstate, the town got left behind.

Daniel:  Due to some labor disputes, and, you know, mining, even open pit mining, is a rough job. So, people wanted to be paid fairly because of their complaint about the cost of copper in the competition from overseas. The mine closed and large parts of the town, it was a company town, large parts of the town were bulldozed, the old part of town stayed, and there was much work there. The story could have ended, but the town chose to remain relevant and reinvented itself and become instead a tourist Mecca, along the US Mexican border. And it's an art community, it has some of the best street art painted on the walls. You walk, basically a one block wide area by about four blocks long and the old part of town and it's this gorgeous square, and there's just amazing art and there's a school that does art there and it's a lot of snowbirds, it's in South Arizona. So, from now until October, it's a little toasty. But, and like all the West they're shorter Mater, but not everybody can be an art town but it's great seeing people it's like hey we want artists, what are you doing, I'll tell you what we're going to do we're going to open all of the walls except for the old Adobe in the, in the square two artists, it's the pain. It's like as soon as you're driving into town, your first thought is, hey, this is a cool

Vamosi:  Small towns left behind by the interstate system provide a great metaphor for what’s happened in infosec. What started as a small community of like minded people on BBSs, then gathering in the desert of Las Vegas each summer, has become sprawling … business, for lack of a better word. How do we continue to accommodate those diverse voices that don’t often get heard or even included in the large corporate events? How do we re-invent these small communities within Infosec?

Jack is probably best known as one of the three co-founders of the popular BSides security conferences. The name comes from old vinyl records. With 45rpms you had one hit song that you wanted to sell; you then had to put something else on the back. Sometimes the B-sides of these 45s contained live versions, extended versions, or classics. Often these were really good but initially underappreciated songs. For example, The Beatles’ “Revolution” was a B-side. Same with the Rolling Stones’ “You Can’t Always Get What You Want.” And so was Queen’s “We Will Rock You.”

So BSides was born of a frustration that there were some great talks that didn’t fit the larger conference structure and therefore didn’t get accepted by the major conferences like Black Hat and DEF CON. So Jack and his buddies wanted to understand why these talks were rejected. They found that some of these talks, while great, might only appeal to 20 people. That wouldn’t pack a big conference room at Mandalay Bay or Caesars. But does that also mean they shouldn't be heard? 

At that time, back in 2010, Chris Nickerson was renting a house in Las Vegas, away from the Strip. The house had this one large meeting room. So Jack and others decided to put on their own, smaller organic alternative conference. And so during the summer camp that year, BSides was born. Okay, but you look closely and alone, the do-it-yourself model for security conferences has since spread to all parts of the world today.

Daniel:  BSides used to all be in person events, and then March of last year, this thing happened and the world kind of changed.

Vamosi:  I last interviewed Jack in January of 2020, in honor of BSides' 10th anniversary. And at the time he was looking forward to traveling to London and Tel Aviv, and yes, Las Vegas, and he was also talking about how Vasa South Africa had just planned its first BSides. Of course, with COVID, that travel never came about.

Daniel:   You know it's been rough from the BSides we're watching parts of the world, go into, particularly our friends in India.  I'm not pinging them and ask them how they're doing because a couple of I've reached out I've talked to a couple of folks that are part of the BSides family there. Same thing has happened in various other countries including here in the United States.

Vamosi: And those upcoming events that Jack and I talked about? They, too, had to either be canceled or shifted online. And there have been over 50 BSides events since then, which have been held virtually online. The desire to create BSides events continues. After more than a decade and more than 600 events in 174 cities in 47 countries, BSides shows no signs of slowing down.

Daniel:  I spoke to a few weeks ago and spoke to some folks in Tallinn in Estonia, which has a great tech community, and they're kicking it off, I, I just spoke to someone this morning who is trying to bring a BSides to medical teams in the UK. I spoke to people in Fort Wayne, Indiana, A couple weeks ago.

Vamosi: Sometimes you're only addressing a small local audience with a talk. 

Daniel: I spoke to some folks to do a lot of maritime cybersecurity and industrial control, a kind of technology security in the maritime industry, both for the arts as well as commercial stuff. BSides in, in Palma, the port, the big port city in Majorca, and you know they want to do it in the right season where the captains and crews particularly the technology crews can come to Palma for a weekend or whatever, and talk technology, and you know give regular security talks and things to run it but have a couple of people come in and talk specifically to the, the pains of that industry, and so you know those are just a couple. I know I'm missing a few other ones but that's just recently, you know, Indiana, and Tallinn, Estonia, that's, you know, Milton Keynes. It's all on a giant spreadsheet, because no matter what your problem is Excel is the wrong answer and we use it anyway. Sometimes it's cultural, you might not want to leave the country. Yet some people will find it hard to travel. Nonetheless, there are things that are close, but not everybody travels, you know, the UK has a different attitude towards travel than we do in the US, I grew up in Texas, the idea of an eight, eight hour road trip to get somewhere because add like an hour get to the airport, you have to sit around for an hour and then it's an hour flight and you have to rent the car and let's just get in the car and go, you know, I mean that's what I grew up with. And so the idea of an eight hour road trip. You can't circumnavigate the British, the main island in Britain, but you can go a long way. You can cover most of the country, but they don't do that.

Vamosi: So it's okay, bringing a small conference like BSides to a remote community that has its advantages. 

Daniel:  If people who wouldn't otherwise travel will have something brought to them, and that's awesome. You know Taiwan doesn't have a Black Hat or an RSA and won't Palma Majorca. It's a tourist area. It's a tourist area but there's an industry, a maritime industry that serves the tourists, and it's also in the Mediterranean, which obviously has a ton of shipping commercial stuff, and so we're bringing you know they are bringing. Okay, besides that bringing Security Education approachable. Security Education to new communities. Would this be something I should follow up with that.

Vamosi: Jack, as you've heard, is a people person. How has the shift to online BSides affected him and others?

Daniel:  We all miss each other. Although a lot of us, you know that are vaxed  starting to see people again it's like how does this people think it takes a little getting used to, because I used to be a huge difference, all the time 

Vamosi: Once he was vaccinated, Jack made an attempt to meet with other people again. Even though everybody was safe, and it was a very small group, it was still difficult making the adjustment.

Daniel: You know I was at an event with 12 people, and we spent a few days, near each other and meeting up. Everybody was vaccinated and we spent most of our time outdoors, but still at the end of three days we were all like, That's enough people.

Vamosi: This, I think, is another underlying issue within infosec conferences. We’re all different, and as I said, a lot of us tend toward the introvert side of things. Going to DEF CON with twenty thousand of your closest friends might be overwhelming, a bit too much. I know I often retreat to my hotel room, just to get away from it all. That is an issue: by retreating to my room I’m making a choice to not hear perhaps the best talk of the con, the reason I came to it.

Daniel: There are people that feel that way all the time and it doesn't take three days and 12 people to feel that way. And we've often made it difficult for them by not sharing with them, making them deal with crowds. And, you know, some events have made a real effort to make quiet areas, or to have, have some areas for escaping the madness conferences that have hotel rooms in the hotels, you can retreat to your room and you can't take any more. When you retreat to your room, you miss the content. 

Vamosi: COVID has exposed the fact that some people just can’t travel to in person events -- so attending remotely, that should be an option.

Daniel:  So, putting things online, and putting conferences online everybody wants. Most people that I talked to in the BSides world can't wait to be back together. But we've also seen how important it is to a lot of people that can't travel, whether it's for the pandemic or their budget, or it's just the idea of being in a crowd of people is not good. That's fine, taking new approaches to things that open us up to bringing people in, sharing information in ways that's, that's brilliant. But I hope that as we go forward, a lot more content is put online, for the people that don't want to join us or can join us for a whole bunch of reasons.

Vamosi: There's an opportunity to reach out to new people, people who might otherwise lurk online.

Daniel:  If you can get the back room at the local pub for free or have trouble seeing us you have any drink. That's great, get people together and talk and meet people and you can see who's shy and if you've got people who've gotten over their own shyness in the crowd. You know they can take it from there. Right. And so they're, they're just very different. And, you know in that little meetup level it's easy to do online with a variety of platforms, it's also easy to do. But as far as a conference Yeah, depends on how big an event you do if you're somewhere where the Microsoft people will let you borrow a big room in their office or two rooms in their office or college or university, or even high school will let you do it, or there's, and you can afford it somehow through sponsorship or tuition fees. You go to a hotel with a conference facility brand does buy out of blues club, or you know, all sorts of things, you know, I've been, you know events that have been blues bars have been at events that have been in theater spaces of events that have been con conference centers have been abandoned restaurants we had to clean up and convert it.

Vamosi:  There's a whole bunch of diverse options, but for a lot of us we miss seeing people. COVID exposes the fact that some people just can't travel for in person events. So attending remotely, I think that should remain an option. So, putting things online. And, you know, putting conferences online, everybody wants.

Daniel:  Most people that I talked to in the BSides world can't wait to be back together. But we've also seen how important it is to a lot of people that can't travel, whether it's for the pandemic or their budget, or it's just the idea of being in a crowd of people is not good. That's fine, taking new approaches to things that open us up to bringing people in, sharing information in new ways, that's, that's brilliant. There's work to be had, whether you're renting out a dance hall or putting up an online platform, the virtual stuff has some real advantages, but speaking very personally doing things, virtually doesn't give the level of reward to a lot of people, myself included, that being there in person does. The amount of work I put into BSides, it takes a couple of thank yous. Or, Hey, I just wanted to let you know that, because of BSides I have my dream job. A few of those a year is like that's fuel for the fire and keeps you plugged in.

Vamosi: You can also get thank you online, right? 

Daniel: Much Does everybody appreciate getting that online. If you're running down the hall at DEF CON and somebody says, Hey Jack, got a second and stop you and shake your hand or give you a hug, back when, you know, we didn't die from hugging each other. You know, if you're into hugs, if you're not into hugs, handshakes fist bumps, head nods, whatever that's that's fine too. You know those little personal interactions and sometimes larger ones but then those little in person, things are very powerful for me and a lot of other people. 

Vamosi: The decision to go online might seem easy, why not. Well, for one thing, apart from the platform, you have to consider the in person experience. I mean, have you really thought about it, how are you going to reproduce that?

Daniel: It depends if you want to have the feel of an online conference. Then, the challenges are how to handle Q&A. How do you handle connectivity issues, how do you handle scheduling. How do you get that feeling of the hallway track, which is you know you talk to a lot of people the hallway track is often where the magic is. That's really hard to do online and streaming can be a nuisance, you have to find a platform you have to think about what you're going to use for cameras. If you're going to record it, if you're going to do split screen to grab the slides.

Vamosi: This might seem academic, but it is a real issue, some online conference platforms only give you a choice, slides, or the presenter, or they stick the presenter in a small picture in picture frame in the lower right hand corner. That doesn't always lend itself to a good presentation. 

Daniel: A lot of conferences tend to focus on the slides. What happens to have an animated presenter, probably an experienced presenter who whose slides support the presentation, you know, and slide support the presenter instead of, you know a lot of the death by PowerPoint stuff we all hate where, you know, and it's what we all do it first because we don't know any better. You know there are too many words on the slides, there's too much and if you don't cover the slides you miss half the talk. You know those are hard things to manage. A few of the online conferences have presenters pre record their presentations as opposed to doing the live. And I've done so with mixed success. And if you have people record it themselves, what do they do, how do you do it, there's, there's that sort of thing. If you get it.  If you just do a zoom group, or Google Hangout or whatever, Google is not killed off yet or whatever platform you want to use, use some of the newer stuff to cannas and one that looks kind of promising but I don't know when I'm blanking on the name of the other one. There's another really common name that kind of remember because it's too common word but for informal gathering to do a virtual version of a city's tech meetup or something, that's okay, because you're not trying to do that whole experience the whole conference experience

Vamosi:  With a pandemic raging throughout 2020, people have naturally turned to social media. There are lots of pros and cons to this. In episode 22 I talked with LiveOverflow, who has over a half million followers on YouTube. We talked about the rise of social media InfoSec influencers, and whether or not some of these influencers had actually done the work to merit them talking about hacking, or whether it was all showmanship. On the one hand, you're creating your own YouTube content that is a creative solution to a bad situation. On the other hand, the one with the loudest voice tends to win.

Daniel:  First of all, the past year and a half has made it so that if you want to be heard, you need to do something. We're going to find a way to have your voice heard. And if you can do that. That's great. And if you can do it without having to follow an established path, that's great. I wanted to know Jack's opinion of social media, it can really cut both ways. It can give a voice to people who otherwise would not have one, and it could be a cudgel to silence those who don't have many defenders. So we all want to be people but let's be here. As a reminder, you know a lot of people aren't as nice

Vamosi: InfoSec Twitter, while introducing great people, has at times become predictably toxic. And as a consequence, some really good people have chosen to leave, which hurts the community overall to have their voices silenced, even if it is voluntary.

Daniel:  As long as we think about the platforms we use, and how much they support the abuse, because, of course, you know, Facebook and Twitter in particular, those two in particular, is going to be an ad based system instead of subscription based we all just grown because we knew it was gonna be. We're going to become toxic, and then we're going to be special people in the blue checkmark celebrities can be racist and misogynistic and homophobic, and if you, if you're mean to them in response you get banned because it's really important to have those multimillion dollar multi million follower people in that platform, Facebook. 

Vamosi: Facebook is a very special form of social media.

Daniel:  Facebook is a different animal altogether actually Facebook is a whole bunch of different animals all together, and many of them are rabid, I mean you're venomous, and a few of them are good. Okay, so in an emergency, Facebook can be good. There's a couple of neighborhood groups down in my little town and if you lose a dog or you find a stranger. Lost and Found Pets and all you got to reunite the critters with somebody. The neighborhood watch you sent a bunch of busy guys just like hey was anybody else's power, you know, tornado went through a couple months ago and instantly. For those that had power, like everybody okay Jamie you need anything, you got a chainsaw on a pickup truck, you know, let me help you. You know there's a more general one which is like hey, just, you know, not necessarily safety whatever but it's help people stay in touch and it's like, wow, this little corner of Facebook is really nice and people are nice. When you look at the rest of it.

Vamosi: Don't you think social media could be so much better than the schoolyard taunting and teasing that we see today?

Daniel: You know, as you see people with different platforms and whatever whether or not they're being inclusive of other voices and such, is an issue. But I think anybody that's pushing boundaries that's trying new things. Let's give it a try. Let's keep an eye on it. Let's see what happens if it ends up being good, that's awesome. If it ends up being less than good. Let's make some constructive criticism, see if we can make things a little better. 

Vamosi: The online InfoSec community has been pretty good about calling out the jerks. At the end of the day there's probably a core group of influencers who you can follow, and they're pretty good. But it's important to remember just because someone doesn't have thousands of followers, doesn't make them any less significant.

Daniel: You know, part of the reason I love this community is because I love the people. I'm going to point out the technology. I focus on my day jobs technology and a couple of specific interests but I'm not all over all technology and all security cool hackery stuff anymore. I put my efforts mostly into, and let them have that fun, because that's that's fun for me. And we tend to have amazing people in our communities with a minimum number of jerks, they tend to be loud, and so it's easy to see them. But they're way more good people but out there in the world man if you, if you've seen anything about airplanes if you've seen anything about public transit. People are jerks, be careful. Take care of each other. And you know we'll eventually get there.

Vamosi:  In addition to BSides, Jack contributes behind the scenes to the Diana Initiative, an organization committed to helping the underrepresented in information security.

Daniel: Yeah, I have an informal role but I have, have actually taken on a role of backup treasurer for them and I've been involved with the treasurer, in helping guide them through the 501(c)3 process, you know, sharing what I've learned, mistakes that I've seen and made, as well as things that went well for us in setting up a 501(c)3, and have chatted with, with them, as they've grown and faced some challenges with running a conference and hitting a pandemic and not everybody being misunderstandings, they should be about that, among other things, but it's the blood that I provide the insights where I can, and the support I can.

Vamosi: One of the areas that gets dicey is the ratio of men to women in InfoSec. It's been a problem and it remains a problem to this day. There are some really great women out there. So how does a straight white man go about being inclusive and amplifying their voices, without coming across as patronizing?

Daniel: I'm happy being a gaffer or grip in that production and being, and letting them lead in, and encouraging them and supporting them in ways I can't but Diana is, is doing things and, you know, diversity and inclusion programs have challenges you know what's what. Is there a specific goal, are you going to be exclusionary to support your diversity goals, which in some cases I think is legitimate and others, you know, it really depends. So, they have addressed those things as have other diversity inclusion programs you struggle with the ideas of opportunity and do certain groups get advanced opportunity but I think they've, they've, they've walked blind pretty well, they're not exclusionary but they make it clear who they're trying to support, and it's a good group and most of the people involved, that are friends of mine so very supportive of that.

Vamosi:  So what then are the ways that these older white men can successfully contribute?

Daniel: I think amplifying other people's messages is the key, so if you have, you know let other people's voices be heard. And if you can help amplify those messages without injecting yourself into it, other than to make it clear that you support them. That's good, and you can ask how you can help without being in the way, how you can help without stealing the spotlight, well over a decade ago I started speaking more and more in larger and larger groups, and it quickly came to me that it. Once the spotlight falls on you. I came up with it, with a corny saying, always, always carry a pocket mirror so that when the spotlight shines on you, you can reflect some of that back on to somebody that needs it, or somebody that hasn't seen the spotlight yet. And sometimes that's a big thing and sometimes it's little, sometimes it's grabbing a friend that's trying to break into the industry. At the end of one year talks are in the middle of winter talks and be like, Hey, Sarah, come here. Know you on stage. Now, here's Sarah. These are the challenges people face. She's graduating in a couple of months and can't get a job even though we claim that we have this shortage of people.

Vamosi: We talked a moment ago about toxicity with online social media. Here too, in person in different organizations, you also need to be mindful of the trolls, as well.

Daniel: Don't put up with nonsense. That's the other one. Don't, don't, don't feed the trolls, don't, don't put a spotlight on the unpleasant people, and there are plenty of those. You know our social and political world has grown exceedingly polarized. There's a lot of conspiracy theories, there is a lot of general badness in front of Be very careful yours, but you know we're looking at, you see the old hippie with a Luckenbach, Texas sign on my RV so you get an idea where I am, but it's, you know, don't steal the spot, if you're trying to amplify your voice, make sure you're amplifying others' voices.

Vamosi:  He's the supporting actor in somebody else's production, doesn't mean you should not speak up, or look the other way when you see something wrong.

Daniel: If you see things that aren't right. Call them out as being not right. When you see stuff online. Don't be afraid to complain. And I'll say this so I work at a company, real publicly traded customers, we have to do our annual training. Then we do annual basic security training because not all of us came out of the end, you know, the security mindset, we're not all hackers, so a lot of people need to be reminded about privacy and data breaches and what's appropriate and what's not and ethics, especially in a publicly traded company and making safe workspace non hostile workspace non discriminatory workspace, and when you find something there that's wrong. You know complain about or complain about it when management says something that's tone deaf. Tell them politely and explain why it's tone, and sometimes

Vamosi:  The effort to create or teach sensitivity backfires. Again, when you see something wrong, say something. What bothers you might bother somebody else. 

Daniel: One that frustrated me I recently took a I forget what they called it but it was you know it was a part of a diversity and inclusion program ongoing training of, you know safe workspaces and Non, non, harassment, and one of the questions was about, you know, basically they're trying to get you to talk about, think about protected classes, but they said you know which of the following would likely be inappropriate. You know, and talk about or make fun of and, you know they made the obvious one. So, religion, race, you know, gender presentation, sexual orientation, the ones you expect but then they add a couple of throwaways that they said weren't that the correct answer was that they were not a challenge, or they, you know they're they're not an issue. And one of them was about teasing people about the college they went to, and it just set off all sorts of alarms.

Vamosi: Everyone's university experience is personal and sometimes hard choices are made for a variety of reasons, some of which are economic. I went to a private university, but I went on massive financial aid. So right there, there may be assumptions to be made. My best friend. He went to a state school, we're still really good friends, but he occasionally brings it up in conversation, as though it might be a barrier between us. It's not. It's just some schools are better at some things that you want to study, be it a public or private institution. So teasing someone about where they went, or didn't go to school, I see that as a definite problem.

Daniel: Because that's, that's a naive point of view. So if I make fun of you for going to Smith. Oh, you don't like women who've taken Women's Studies classes. That's what you might be saying, by saying, if you make fun of somebody for going to Morehouse, or another historically black college university. You know, if you make fun of somebody for a stunning school you'd be dumb to make fun of somebody's academic achievements who has a degree from Yeshiva. But, you know, making fun of Yeshiva football I don't know, but it's just like you know that's kind of naive because there are universities that say a lot about who you are or. There are a lot of their universities and colleges that could be used to make some assumptions about who you are, but not everybody that comes out of any of these schools is the same. Right, but they're just things like that and so I made sure I raised it like you know, that's not necessarily safe.

Vamosi: Another good point: don't generalize based on the name of the school. Again, different schools excel in different areas, so maybe that was the best fit for someone.

Daniel: There are a lot of great schools but people often make assumptions that may not be true. There are people that, that are in part that grew up in cultures or go to school and cultures, and have a visceral reaction to it and bounce away from those ideas, but still, no, you know, don't, don't make fun of somebody for Smith or Morehouse or Yeshiva or, you know, wanted to just not do anything. If you want to whisper Go Dogs versus Roll Tide as you walk around the office, down, down south but that's, that's a completely different sport. Okay, now, that's another matter. is probably okay. Is it. You know I'm down in Georgia these days, isn't the guy from Alabama walking past the cubicle yelling Roll Tide. Every time you go by, it's like, yeah, that's just childish sports stuff, that's fine, but you know there's take some judgment and anyway, just little things like that, like, yeah that's college university and I remember, hovering over clicking and I'm like all right, I know the answer they want but that's the wrong answer and I'm gonna make sure somebody hears.

Vamosi: So there comes a point in life where you might begin to criticize everything, you know, nothing's good. Nothing is perfect, nothing is as it was or should be, you might start to become that cranky old man or woman down the road.

Daniel: It's very hard to do because a lot of this is opinion and I think opinions are wrong, but that's not how opinions work. I really think that looking at things and trying to understand the perspectives, and you know the past couple of years, particularly in the US we've passed here in particular we've, we've seen them to see things.

Vamosi: The problem is when somebody takes an issue, and claims it for themselves, for themselves, not for the civic community, not for the betterment of everybody else.

Daniel:  We've also seen people take advantage of the global spotlight and try to support things for their own good, so the if we look at the Black Lives Matter movement. I think there are people that have tried to profit off of it and dilute the message. And I don't say that to attack anyone in particular but it's just a really good example and if you've paid attention. If you're my age and you paid attention to the anti war movement in the 60s and 70s. There were people that did it for their own glory, not because they really cared about outcomes. And we have those people too and if you spot that I don't know if you don't, if you don't think calling them out is right that's fine but not supporting the fake people.

Vamosi: We're not talking about the imposter syndrome here, which I've discussed before, where legitimately talented people feel they're not interesting enough to talk to others about their own work. No, they have a right to say they've done the work. Rather, we're talking about the charlatans, we're talking about the megalomaniacs who have no talent that seems to consume a lot of oxygen in the room whenever they speak.

Daniel:  I've just given you a bit of advice that's really hard, some of it's really hard to follow, but it comes back to amplify the voices that should be amplified and hear what people say when they're frustrated, hear what people have to say, people from the LGBTQIA community, people of color, people who are immigrants, people in religions which may not be as popular in the US.

Vamosi: Too often we rush to judgment, myself included. Rather, we should all learn to take a pause and just listen to other people.

Daniel: When you hear from people about a problem, before you say anything as old white dude, stop and think, processing, try to understand it, don't ask them to explain it unless they're a friend, and you ask if it's okay, don't you know, don't, don't make them do labor for you to explain something that, you know, like the internet can explain to you, or book or audiobook can explain what you know listen to those people. Oh, okay. All right, I get it. That doesn't seem like a big deal to me.

Vamosi: Again, if you listen to someone, they'll surprise you, and you may find that their interests aren't so far from your own, or you may find that their interests outside of InfoSec have absolutely nothing to do with InfoSec and therefore shouldn't impact your professional working relationship with them.

Daniel:  An old white guy who has a chance I know enough money in an IRA that I might someday be able to retire, ASAP. So that's a very different world than a lot of people that are trying to get into our industry, it's a very different world and a lot of, you know, millennial white man economy, the economic world is different. And so once you get out of the straight white guys. Even the younger ones are having more of a challenge but once you get out of the club I mean, it starts to get harder, and a lot of people dismiss that, but I don't know I grew up in Dallas and our family didn't leave because of white flight in the 60s. So I saw things like, Oh, wow. That sucks. Listen. Listen.

Vamosi: So, as more and more people are vaccinated, as we start to come out of our quarantine, what does Jack recommend?

Daniel: Things that I'm looking at now as the world starts to return to normal, are needed or not, there's still people getting sick. I won't help anybody but there's somebody that was vaccinated that went to an event, an in person event, and kind of mild case of COVID is vaccinated. And that's what the vaccine does: it mostly keeps you from dying, keeps you out of the hospital, right. And the last thing I saw was well over 99% of the COVID fatalities in the US right now are from for non-vaccinated people, but with variants and whatever vaccinated people are, you know could get a capability, and we don't know how long it's going to be before we need boosters, so easy and be careful. Give yourself time to adjust the new normal. I've run into this with multiple people who were used to being in large crowds and fed off the energy of crowds and got back with people after being cautious.

Vamosi: That said, Jack is lying low this summer. He won't be attending hacker summer camp.

Daniel: Not going to Black Hat and DEF CON this year. That's not a shot at them, they made a decision, they're handling it and what they feel is an appropriate way and that's appropriate for them and it's cool for the people that are going. I am older. And you know what, I'll go to Vegas, I have friends in Vegas, I'll go when the sun doesn't try to kill me. Since BSides Las Vegas will be virtual this year as well Diana Initiative, people I want to go for won't be the majority there. But you know, my plan is to be there next year.

Vamosi:  And, really, a lot of this reemergence comes with the burden of having lost something.

Daniel: And in a year where we've, we've lost some. We lost. You know we lost Dan Kaminsky. He was very high profile and as I said then I was trying to figure out why that one hurts so bad. Dan and I were friendly but we didn't spend that much time together, we hung out a few times. It had a few conversations, it's like oh yeah everybody's lost someone. Everybody's lost something. Even if you haven't lost anybody even if you're really lucky and nobody's lost anybody in this pandemic you've lost things, you know, stores or closed restaurants or bars or closed communities that were on the ropes or even worse off. We've all lost stock, so when there's a public loss, we all kind of latch on to it. And that goes back to little compassion, a little, including for ourselves. Because if we don't take care of ourselves, we'll become the jerks, and then everybody will not like us and like ourselves so be kind to yourself so that you can be kind to others, and we'll get through this.

Vamosi: I'd really like to thank Jack Daniel for taking the time to be a guest on The Hacker Mind. Jack has many important things to say, we've only just scratched the surface with this one episode and I hope to invite him back again for more conversation.

Let's keep the conversation going. The Hacker Mind is now on a subreddit, you can look for us at The Hacker Mind, all in leet speak. The Hacker Mind is brought to you every two weeks commercial free by ForAllSecure.


For The Hacker Mind, I remain the always civic-minded Robert Vamosi.

